Comic Book Reader Arbitrary File Overwrite Vulnerability
Vulnerability
A vulnerability allowing arbitrary file overwriting has been identified in Comic Book Reader version 1.0.95. This issue arises during the file import process, where insufficient security validation allows attackers to overwrite critical internal files. Exploitation of this vulnerability could lead to arbitrary code execution, exposure of sensitive information, denial of service, and other severe security impacts.
Impact
Exploitation of this vulnerability could overwrite important internal files, potentially allowing for arbitrary code execution, exposure of sensitive information, or causing the application to malfunction or fail to launch.
Reproduction
The vulnerability can be reproduced by sending an intent to the Comic Book Reader app's main activity. The intent must include a URI that traverses the file system to reach a sensitive file within the app's internal storage, such as a WebView preferences file. This can be done using a malicious content provider that serves the crafted URI, effectively overwriting the targeted file with arbitrary data.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.